You may need to break out these services into independent boxes: for example, an AD controller on one; a linux kerbNFS+Samba on a second to handle storage; and an openbsd firewall box handling the internet gateway.